
447 matches found

Cvelist
added 2021/05/20 3:25 p.m., 12 views

CVE-2020-35580

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBl...

7.4 AI score, 0.13975 EPSS
Exploits: 1, References: 2
CVE
added 2021/05/20 3:25 p.m., 69 views

CVE-2020-35580

Summary: CVE-2020-35580 is a local file inclusion vulnerability in the SearchBlox FileServlet (versions before 9.2.2). The issue allows remote, unauthenticated attackers to read arbitrary files from the OS (via /searchblox/servlet/FileServlet?col=url=) and may expose the SearchBlox configuration ...

7.5 CVSS, 7.3 AI score, 0.13975 EPSS
In wild, Exploits: 1, References: 2, Affected Software: 1
Exploit DB
added 2021/05/10 12:0 a.m., 134 views

Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)

Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...

7 AI score
Exploits: 0
Packet Storm
added 2021/05/10 12:0 a.m., 104 views

Human Resource Information System 0.1 Cross Site Scripting

Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/08 12:0 a.m., 18 views

Human Resource Information System 0.1 - (First Name) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4 AI score
Exploits: 0
Malwarebytes
added 2021/03/12 6:1 p.m., 48 views

150,000 Verkada security cameras hacked—to make a point

Hackers were able to gain access to camera feeds from Verkada, a tech company that specializes in video security and physical access control, to demonstrate how prevalent surveillance is, reports say. Unfortunately, it also exposed the inner workings of hospitals, clinics, and mental health...

0.4 AI score
Exploits: 0
OSV
added 2021/03/10 2:15 p.m., 18 views

CVE-2020-23722

An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuelid" parameters...

8.8 CVSS, 7.1 AI score
Exploits: 0, References: 1
OSV
added 2020/11/11 1:15 p.m., 5 views

CVE-2020-4685

A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos...

7.2 CVSS, 7.1 AI score, 0.01428 EPSS
Exploits: 0, References: 2
Exploit DB
added 2020/07/23 12:0 a.m., 483 views

UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass

Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Date: 2020-07-23 Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr Affected version: Firmware 1.5.1 2013.01.3...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/07/20 12:0 a.m., 442 views

UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation

UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Through Authorization Bypass Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr Affected version: Firmware 1.5.1 2013.01.3 Summary: Medivision is a service that provides everything from DID operatio...

0.3 AI score
Exploits: 0
Packet Storm
added 2020/07/20 12:0 a.m., 466 views

UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery

input type="hi...

7.4 AI score
Exploits: 0
0day.today
added 2020/07/20 12:0 a.m., 487 views

UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications...

0.1 AI score
Exploits: 0
Zero Science Lab
added 2020/07/19 12:0 a.m., 58 views

UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin

Summary: Medivision is a service that provides everything from DID operation to development of DID Digital Information Display optimized for hospital environment and production of professional contents, through DID product installation, image, video content planning, design work, and remote contro...

5.8 AI score
Exploits: 0
Packet Storm
added 2020/03/24 12:0 a.m., 354 views

WordPress WP Forms 1.5.8.2 Cross Site Scripting

Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...

5.5 AI score, 0.04428 EPSS
Exploits: 6
CNVD
added 2019/12/31 12:0 a.m., 2 views

Vulnerability of ACE Mingyi's O&M Audit Risk Control System to overstepping of authority

DASUSM is an audit and risk control system based on the theory and practical experience of operation and maintenance security management, combined with the requirements of various laws and regulations e.g., level protection, SOX, PCI, enterprise internal control management, hierarchical protectio...

7.3 AI score
Exploits: 0
Exploit DB
added 2019/11/12 12:0 a.m., 98 views

CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)

Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0 Tested...

8.8 CVSS, 7.7 AI score, 0.0242 EPSS
Exploits: 4
Packet Storm
added 2019/11/12 12:0 a.m., 91 views

Computrols CBAS-Web 19.0.0 Cross Site Request Forgery

Computrols CBAS-Web 19.0.0 CSRF Add Super Admin CVE: CVE-2019-10847 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Discovered by Gjoko 'LiquidWorm' Krstic history.pushState'', 't00t', 'index.php'...

6.8 CVSS, 0.6 AI score, 0.0242 EPSS
Exploits: 4
0day.today
added 2019/11/12 12:0 a.m., 109 views

CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

6.8 CVSS, 0.4 AI score, 0.0242 EPSS
Exploits: 4
exploitpack
added 2019/11/12 12:0 a.m., 43 views

CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)

CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

6.8 CVSS, 0.3 AI score, 0.0242 EPSS
Exploits: 4
NVD
added 2019/09/13 1:15 p.m., 20 views

CVE-2016-10947

The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin...

7.2 CVSS, 7.5 AI score, 0.01525 EPSS
Exploits: 1, References: 1